Commit graph

145112 commits

Author SHA1 Message Date
R. RyanTM
4bb61a3ba4 singularity: 2.5.1 -> 2.5.2
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/singularity/versions.

<details><summary>Version release notes (from GitHub)</summary>
Greetings Singularity containerizers!

This release contains fixes for a _high severity_ security issue affecting Singularity 2.3.0 through 2.5.1 on kernels that support overlay file systems (CVE-2018-12021). A malicious user with network access to the host system (e.g. ssh) could exploit this vulnerability to access sensitive information on disk and bypass directory image restrictions like those preventing the root file system from being mounted into the container.

Singularity 2.5.2 should be installed immediately, and all previous versions of Singularity should be removed. The vulnerability addressed in this release affects kernels that support overlayfs. If you are unable to upgrade immediately, you should set `enable overlay = no` in `singularity.conf`.

In addition, this release contains a large number of bug fixes. Details follow:

## [Security related fixes](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12021)
 - Removed the option to use overlay images with `singularity mount`.  This
   flaw could allow a malicious user accessing the host system to access
   sensitive information when coupled with persistent ext3 overlay.
 - Fixed a race condition that might allow a malicious user to bypass directory
   image restrictions, like mounting the host root filesystem as a container
   image.

## Bug fixes
 - Fix an error in malloc allocation #1620
 - Honor debug flag when pulling from docker hub #1556
 - Fix a bug with passwd abort #1580
 - Allow user to override singularity.conf "mount home = no" with --home option
   #1496
 - Improve debugging output #1535
 - Fix some bugs in bind mounting #1525
 - Define PR_(S|G)ET_NO_NEW_PRIVS in user space so that these features will
   work with kernels that implement them (like Cray systems) #1506
 - Create /dev/fd and standard streams symlinks in /dev when using minimal dev
   mount or when specifying -c/-C/--contain option #1420
 - Fixed * expansion during app runscript creation #1486

As always, please report any bugs to:
https://github.com/singularityware/singularity/issues/new</details>

These checks were done:

- built on NixOS
- /nix/store/3igwiqi311c18w13y5r7zrgpcnzylg9l-singularity-2.5.2/bin/singularity passed the binary check.
- Warning: no invocation of /nix/store/3igwiqi311c18w13y5r7zrgpcnzylg9l-singularity-2.5.2/bin/run-singularity had a zero exit code or showed the expected version
- 1 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 2.5.2 with grep in /nix/store/3igwiqi311c18w13y5r7zrgpcnzylg9l-singularity-2.5.2
- directory tree listing: https://gist.github.com/ed6db09ad43a19c6abf2d35d15ef489c
- du listing: https://gist.github.com/9bd23f4d6ee86a9eb2ba7ec5c986741d
2018-07-07 16:41:51 -07:00
Michael Weiss
d12e7b8d17 androidStudioPackages.{dev,canary}: 3.3.0.0 -> 3.3.0.1 2018-07-03 21:28:15 +02:00
Michael Weiss
a22d2a018d quiterss: 0.18.11 -> 0.18.12 2018-07-03 21:10:33 +02:00
Robert Schütz
208091b31b asciinema: 2.0.0 -> 2.0.1 2018-07-03 18:18:55 +02:00
Silvan Mosberger
bdac6ac4b2
Merge pull request #42860 from ldesgoui/fix-murmur-service
murmur service: prevent silent launch failure by waiting until network is available
2018-07-03 17:34:07 +02:00
Silvan Mosberger
59dd0e6c69
Merge pull request #41222 from gnidorah/firewall
nixos/firewall: per-interface port options
2018-07-03 17:21:55 +02:00
Alyssa Ross
79ab3370ed manual: fix buildPythonPackage example (#42866) 2018-07-03 17:19:18 +02:00
Gabriel Ebner
2f3cf58309 Revert "vapoursynth: fix build"
This reverts commit ad611a6223.
A better fix was committed directly afterwards in 2afe06c18f
2018-07-03 17:14:11 +02:00
Gabriel Ebner
ebf4cfb272 khard: fix build
Copied the fix from #42782
2018-07-03 17:08:47 +02:00
Orivej Desh
99e0f93aac vapoursynth: enable parallel building 2018-07-03 15:05:13 +00:00
Orivej Desh
2afe06c18f libheif: prune libtool files
Fixes build of vapoursynth: https://hydra.nixos.org/build/76818435
2018-07-03 15:05:13 +00:00
Gabriel Ebner
ad611a6223 vapoursynth: fix build 2018-07-03 17:03:12 +02:00
R. RyanTM
1fd0653294 zstd: 1.3.4 -> 1.3.5 (#42913) 2018-07-03 14:43:42 +00:00
Orivej Desh
4181081643 digitalbitbox: fix build after #41902
This package depends on qtmultimedia which depends on libpulse whose libtool
files add `-lcap` to the linker command line. These libtool files should be
stripped with pruneLibtoolFiles, and then libcap dependency can be removed.
2018-07-03 14:37:22 +00:00
Austin Seipp
e42e0c8179 foundationdb: add 5.2.5 release, and new 6.0.0 snapshot
This requires a bit of fiddling with the ldflags patches and reworking a few
things about how the SCM info is configured. Ideally, not much more will change
before the 6.0 release, I think...

This also upgrades all FoundationDB packages to use the ordinary libressl
expression (which is now at 2.7.x), and changes around a few other things,
which will require a rebuild.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-07-03 09:09:02 -05:00
Silvan Mosberger
08895c66c4
Merge pull request #42859 from scolobb/icicles-bump
icicles: 2018-04-16 -> 2018-07-02
2018-07-03 15:33:05 +02:00
Tim Steinbach
e08b53df15
minikube: 0.27.0 -> 0.28.0 2018-07-03 09:18:01 -04:00
Tim Steinbach
ddce094ddf
linux: Remove 4.16
This version is EOL and 4.17 is already in our tree.
Additionally, remove the 4.16-based Copperhead kernel, which is unmaintained
2018-07-03 09:18:01 -04:00
Tim Steinbach
fd269b9d0a
gradle: 4.8 -> 4.8.1 2018-07-03 09:18:01 -04:00
Tim Steinbach
760d5f6058
kotlin: 1.2.50 -> 1.2.51 2018-07-03 09:18:01 -04:00
Jörg Thalheim
64219950fc
Merge pull request #42879 from iimog/fix-rhdf5
rPackages.rhdf5: fix installation
2018-07-03 14:13:03 +01:00
Jörg Thalheim
ed20918278
Merge pull request #42896 from sorki/gpsd_nowait
nixos/gpsd-service: add services.gpsd.nowait option
2018-07-03 13:56:06 +01:00
Jörg Thalheim
32e982448d gpsd: use optionalString 2018-07-03 13:55:27 +01:00
Orivej Desh
1a76bd5552 ezquake: fix build after #41902 2018-07-03 12:44:57 +00:00
Jörg Thalheim
ad836e1b13
Merge pull request #42890 from sorki/ipmicfg_3
ipmicfg: 1.27.1 -> 1.28
2018-07-03 13:42:50 +01:00
Jörg Thalheim
73245552b7
Merge pull request #42898 from aespinosa/kerberos
nixos/kerberos: update binary folder pointer
2018-07-03 13:41:46 +01:00
Orivej Desh
9641ab9a27 ivan: fix build after #41902 2018-07-03 12:41:18 +00:00
Orivej Desh
48272ebb6c liberal-crime-squad: fix darwin build after #41902 2018-07-03 12:37:58 +00:00
Tim Steinbach
a4d56d0635
linux-hardened: Adjust config for 4.17.4 2018-07-03 08:35:37 -04:00
Tim Steinbach
37066b2aa5
linux: 4.18-rc2 -> 4.18-rc3 2018-07-03 08:35:37 -04:00
Tim Steinbach
ed8e468ad1
linux: 4.17.3 -> 4.17.4 2018-07-03 08:35:36 -04:00
Tim Steinbach
9f17f69afe
linux: 4.14.52 -> 4.14.53 2018-07-03 08:35:36 -04:00
Tim Steinbach
7dbd06773a
linux: 4.9.110 -> 4.9.111 2018-07-03 08:35:36 -04:00
Tim Steinbach
0fff428f96
linux: 4.4.138 -> 4.4.139 2018-07-03 08:35:36 -04:00
Orivej Desh
6b404b944a mpv: fix build with wayland after #41902 2018-07-03 12:32:41 +00:00
Jörg Thalheim
352b957a9a
Merge pull request #42308 from romildo/upd.moka-icon-theme
moka-icon-theme: 5.3.6 -> 5.4.0, faba-icon-theme: 2016-09-13 -> 4.3
2018-07-03 13:27:55 +01:00
ikervagyok
8e5de9e200 warzone2100: fix build after #41902 (#42908) 2018-07-03 12:27:06 +00:00
Jörg Thalheim
54da29274f
Merge pull request #42269 from Baughn/zfs
zfs: Improve import handling
2018-07-03 13:23:09 +01:00
Jörg Thalheim
eb7b881bc7
Merge pull request #42907 from ambrop72/vscode-1.24.1
vscode: 1.24.0 -> 1.24.1
2018-07-03 12:25:54 +01:00
Ambroz Bizjak
3d662b5d0b vscode: 1.24.0 -> 1.24.1 2018-07-03 12:27:58 +02:00
Vladimír Čunát
ea8b0fa1cc
knot-resolver: 2.3.0 -> 2.4.0
It includes security-relevant fixes.
https://gitlab.labs.nic.cz/knot/knot-resolver/tags/v2.4.0
2018-07-03 10:53:30 +02:00
Gabriel Ebner
6fcf294a0b imagemagick_light: remove heif dependency
See #42841
2018-07-03 10:38:56 +02:00
Peter Simons
af701cff96 all-cabal-hashes: update snapshot to Hackage at 2018-07-03T07:36:18Z 2018-07-03 10:30:49 +02:00
Gabriel Ebner
7138bc0eab
Merge pull request #42841 from gebner/heif
HEIF support
2018-07-03 09:28:25 +02:00
Ben Wolsieffer
8ab22fdbb9 buildbot: 1.1.1 -> 1.2.0 (#42899) 2018-07-03 09:16:00 +02:00
Allan Espinosa
da994fb64e nixos/kerberos: update binary folder pointer
${pkg.tcp_wrappers}/sbin does not exist anymore.
2018-07-02 20:15:11 -04:00
Joachim F
3ea5b15c20
Merge pull request #42845 from ivanbrennan/nixos-sudo-describe-rules-precedence
nixos/security.sudo: Document ordering of extraRules
2018-07-02 23:55:56 +00:00
Joachim F
338c493918
Merge pull request #42681 from r-ryantm/auto-update/redo
redo: 1.2 -> 1.3
2018-07-02 23:51:44 +00:00
Joachim F
587bc20bb7
Merge pull request #42857 from oxij/pkg/toxvpn-toxcore
toxvpn: use default libtoxcore
2018-07-02 23:48:27 +00:00
Joachim F
2a37894e3e
Merge pull request #42856 from oxij/pkg/update-tb
tor-browser: 52.8.1esr-7.5-1 -> 52.9.0esr-7.5-2
2018-07-02 23:47:44 +00:00